Open source software (OSS) is pervasive in today?s deployed software and the supply chain. Gartner estimates that by 2016, open source will be included in mission-critical software packages in 99 percent of global enterprises. There are over a million freely downloadable open source components that development organizations can use to build better software faster. But as open source software is more broadly used, IT organizations struggle to manage risk, control software assets and ensure compliance. In an environment where development organizations are under intense pressure to keep pace in competitive markets, a lack of formal policies and ad-hoc management practices for open source create unnecessary exposure.